Hey forum.... I'm tired of figuring it all out for myself to just feel like I made something functional that's full of mistakes.
At this point I want an expert to review my configuration for sanity and to correct my mistakes.
I love mikrotik but with much power/features comes the need of great knowledge.
I'm willing to pay to play and have some desired features I want implemented.

I have the following diagram explaining the hardware involved and the desired configuration high points: I have three cAP AC units and two CRS125-25G-1S-2HnD units.
I want to have 4 vlans as shown in the diagram.
I want to make sure all the "access" ethernet ports are mac based vlan's that don't have to be tagged for a specific network and if the mac address isn't matched that it will default the user to the guest vlan.

I've reached out to a few people on the list: https://www.mikrotik.com/consultants
They ask what my business is and when I indicate I'm a home user not a business they stop responding.
I've even asked support@mikrotik.com for advice on who might be willing to help me just to receive the canned response of:
Hello, So I'm trying this approach.
As I've figured out each feature to my best knowledge I've added my configuration .rsc files to a github repo for reference:
https://github.com/lilmansplace/mikrotik
What would it take from you kind people of the community to find the expert who I can pay to help iron things out for my home network?

Thanks in advance and hope this isn't inappropriate or tacky

I want to make sure all the "access" ports are mac based vlan's that don't have to be tagged for a specific network and if the mac address isn't matched that it will default the user to the guest vlan.

Why Mac used?


Why not SSID-Based?

I guess I wasn't very clear. SSID based VLANS for wifi and mac based for ethernet.

I'm no expert (I come here to learn generally rather than to advise), am a long way away from being able to take on paid work and am just as likely to be corrected by the next expert that comes along, but I don't understand the need for all of the bridges in your VLAN configuration. My understanding was that best practice for switch chip based VLAN's was to have one bridge and for routing purposes between VLAN's to add VLAN interfaces to the bridge.

With the single bridge you maintain HW Offload and so get the best possible switching performance without stressing the CPU. Something like this -

There are some really good examples for CRS125's including one for MAC based VLAN's on this page https://wiki.mikrotik.com/wiki/Manual:C ... Based_VLAN. You will probably want to combine the MAC based VLAN example with the InterVLAN Routing example https://wiki.mikrotik.com/wiki/Manual:C ... AN_Routing if you are routing between VLAN's.

The bridges were to allow the internal wifi interfaces to be able to bridged with the vlans. I don't know of a better way to do that. In others example I've seen it a common practice to add a vlan interface as a sub interface of an ethernet port that uses the switching chip while wifi devices don't use the switching chip and have to be bridged in a grouping with the vlan interface.

I've since moved away from using the internal wireless interfaces and using capsman with my cAP's.

BUMP still looking for help....